9 matches found
Updated svgsalamander packages fix security vulnerability
A vulnerability was found in the svgsalamander library. If the library is being used in a web application for processing user supplied SVG files then the app is vulnerable to SSRF CVE-2017-5617...
Fedora 30 : svgsalamander (2019-735d3953e8)
New upstream release with security fix for CVE-2017-5617 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 29 : svgsalamander (2019-3cbce64a64)
New upstream release with security fix for CVE-2017-5617 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
CVE-2017-5617
SVG Salamander (svgSalamander) is affected by CVE-2017-5617: a crafted SVG file can trigger server-side request forgery (SSRF) via an xlink:href attribute in web applications using the library. The vulnerability impacts the SVG rendering component and is described in multiple advisories (e.g., GL...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
Debian DSA-3781-1 : svgsalamander - security update
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3781. The text itself is...
[SECURITY] [DSA 3781-1] svgsalamander security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3781-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2017 https://www.debian.org/security/faq -...